1 files changed, 11 insertions, 0 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index f4543bf4..cd8af21f 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -303,8 +303,19 @@ in {
        ssl_require_crl = yes
        ssl_verify_client_cert = yes
+        ssl_min_protocol = TLSv1.2
+        ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+        ssl_prefer_server_ciphers = no
        auth_ssl_username_from_cert = yes
+        ssl_cert_username_field = commonName
        auth_mechanisms = external
+        auth_username_format = %n
+        auth_verbose = yes
+        verbose_ssl = yes
+        auth_debug = yes
        service auth {
          user = dovecot2

diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index f4543bf4..cd8af21f 100644 --- a/hosts/surtr/email/default.nix +++ b/hosts/surtr/email/default.nix
@@ -303,8 +303,19 @@ in {
303		303
304	ssl_require_crl = yes	304	ssl_require_crl = yes
305	ssl_verify_client_cert = yes	305	ssl_verify_client_cert = yes
		306
		307	ssl_min_protocol = TLSv1.2
		308	ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
		309	ssl_prefer_server_ciphers = no
		310
306	auth_ssl_username_from_cert = yes	311	auth_ssl_username_from_cert = yes
		312	ssl_cert_username_field = commonName
307	auth_mechanisms = external	313	auth_mechanisms = external
		314	auth_username_format = %n
		315
		316	auth_verbose = yes
		317	verbose_ssl = yes
		318	auth_debug = yes
308		319
309	service auth {	320	service auth {
310	user = dovecot2	321	user = dovecot2